You’ll be hard pressed to find file integrity monitoring on any list of cool, emerging, cutting-edge cybersecurity technologies. But if you choose to ignore this mature, foundational technology, it’ll be at great risk.
File integrity monitoring, or FIM, plays a key role in critical security and compliance scenarios. An effective FIM system can help you to promptly detect a variety of changes stemming from normal IT activity, compliance and change control violations, or malicious acts such as ransomware/malware attacks and configuration tampering. FIM can be your last line of detection for complex and evasive rootkits or mobile code. It is also invaluable in making sure validated scripts and configurations are not changed by insiders, malicious or not.
In this blog series, we’ll address the major uses for FIM, starting with regulatory compliance, and specifically the PCI DSS (Payment Card Industry Data Security Standard) mandate.
While FIM is an implicitly required control in many regulations for ensuring information integrity, it is explicitly mentioned in PCI DSS for any system handling personally identifiable information. The best practices and insights from those monitoring systems with FIM for PCI compliance are just as applicable to other regulations and mandates, such as HIPAA, GDPR and Sarbanes-Oxley.